Homebrew Using HANS for making an in-game cheat menu?

  • Thread starter Deleted User
  • Start date
  • Replies 22

Do you think this is possible?

  • Yes

  • No


Deleted User

Guest
Hello Gbatemp:
Could that be possible?
Thinking about a thing like the Gateway in-game cheat menu.
With HANS we can return to HBL, so we could pause the game and go to cheatmenu.3dsx?
 
Deleted User

Guest
Another way would be to edit the hans payload so that it creates a thread in game code that will run in the free executable space at the end of .text pages.
In this custom thread we can try to make a simple RAM editor which loads a cheat file previously loaded in a buffer, and will run with the game code.
That's my lil idea.
 

Mrrraou

Well-Known Member
Not possible:

> Another way would be to edit the hans payload so that it creates a thread in game code that will run in the free executable space at the end of .text pages.
> In this custom thread we can try to make a simple RAM editor which loads a cheat file previously loaded in a buffer, and will run with the game code.
> That's my lil idea.

.text size can't be edited because of exheaders and things that follow. Plus, memory problems would occur when trying to load cheats in RAM.
A better idea would be to patch the code.bin directly to make the cheat you want.

> Hello Gbatemp:
> Could that be possible?
> Thinking about a thing like the Gateway in-game cheat menu.
> With HANS we can return to HBL, so we could pause the game and go to cheatmenu.3dsx?

Making the game pause would maybe be possible when patching the home button code, as the payload does for screenshots. Then maybe something could be done here, but not sure; if the code runs in another service/process, the game RAM cannot be patched (with gspwn, maybe it can). And it would never run a 3DSX. Ever. (Making it run a 3dsx that could access the game RAM while running it would be as possible as your famous amiibohax that gives a kernel exploit. :rofl2: I'm sorry but it makes me laugh so hard.)
 
Deleted User

Guest
> Not possible:
>
> .text size can't be edited because of exheaders and things that follow. Plus, memory problems would occur when trying to load cheats in RAM.
> A better idea would be to patch the code.bin directly to make the cheat you want.

I'm aware of how it works.
But the memory pages are 0x1000 aligned, so there will be very little executable space between the .text code end and the .text page end.
If I understood the sources well, this is how hans repairs the game's code before launching it.
 

Mrrraou

Well-Known Member
> I'm aware of how it works.
> But the memory pages are 0x1000 aligned, so there will be very little executable space between the .text code end and the .text page end.
> If I understood the sources well, this is how hans repairs the game's code before launching it.

Well, depending on the game.
And I don't know where you saw that HANS was repairing the "game's code", but... could you explain (or give a link to that part of the code)?
 
Deleted User

Guest
https://github.com/smealum/HANS/tree/master/loader
I looked quickly at the sources, I can be wrong;
The loader seems to overwrite the first 0x5000 bytes of the game code, which then gets repaired.
In order to do this the loader places a stub at the very end of the .text page, which will re-jump to the game code once gspwn has finished copying the corrupted part.

My idea was to expand the stub code to create a custom thread.
But the space is very little.
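To make the "very little space" point concrete, here is an added example (not HANS code, and not from anyone in the thread) that computes the slack between the end of .text and the end of its last 0x1000-aligned page, and where a stub of a given size could sit there; the .text base address, the sample sizes and the 4-byte alignment requirement for ARM-mode code are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 3DS code pages are 0x1000 aligned, as the thread notes. */
#define PAGE_SIZE 0x1000u
/* ARM-mode code must start on a 4-byte boundary (assumption for this example). */
#define CODE_ALIGN 4u

/* Round x up to the next page boundary (x itself if already aligned). */
static uint32_t page_align_up(uint32_t x)
{
    return (x + PAGE_SIZE - 1u) & ~(PAGE_SIZE - 1u);
}

/* Unused bytes between the end of .text and the end of its last page: the only
 * "free executable space" discussed above. It is 0 when .text ends exactly on
 * a page boundary, and it differs from game to game. */
uint32_t text_page_slack(uint32_t text_size)
{
    return page_align_up(text_size) - text_size;
}

/* Address at which a stub of stub_size bytes can sit at the very end of the
 * .text page, aligned down to CODE_ALIGN, or 0 if it does not fit. */
uint32_t stub_address(uint32_t text_base, uint32_t text_size, uint32_t stub_size)
{
    uint32_t page_end = text_base + page_align_up(text_size);
    uint32_t code_end = text_base + text_size;
    if (stub_size == 0u || stub_size > page_end - code_end)
        return 0u;
    uint32_t addr = (page_end - stub_size) & ~(CODE_ALIGN - 1u);
    /* Aligning down may push the stub into the last bytes of real code. */
    return (addr >= code_end) ? addr : 0u;
}

int main(void)
{
    const uint32_t text_base = 0x00100000u;   /* assumed sample .text base */
    /* Constructed sample .text sizes to show how much the slack varies. */
    const uint32_t sizes[] = { 0x4F80u, 0x5000u, 0x12345u, 0x4FFEu };
    const uint32_t stub_size = 0x40u;         /* constructed stub size */
    for (unsigned i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf(".text size 0x%05X: slack 0x%03X bytes, stub of 0x%X at 0x%08X\n",
               sizes[i], text_page_slack(sizes[i]), stub_size,
               stub_address(text_base, sizes[i], stub_size));
    }
    return 0;
}
```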
 

Mrrraou

Well-Known Member
> https://github.com/smealum/HANS/tree/master/loader
> I looked quickly at the sources, I can be wrong;
> The loader seems to overwrite the first 0x5000 bytes of the game code, which then gets repaired.
> In order to do this the loader places a stub at the very end of the .text page, which will re-jump to the game code once gspwn has finished copying the corrupted part.
>
> My idea was to expand the stub code to create a custom thread.
> But the space is very little.

Well, in fact, it does. It copies stub.bin to the beginning of .text first, then runs it. But still, you would have to find where you are going to put the cheats inside memory without breaking the game. But, well, maybe it could be possible. Let's see if you can restore it and still have the thread running, too.

--------------------- MERGED ---------------------------

What?
 

hacksn5s4

Banned!
Could make it so you apply the cheats before you start the game and you hold a button combination. The browser ramhack thing worked without a kernel exploit, and rom hacks are possible on hans, so I don't see why it would not.
 

MsMidnight

part time fe modder
Attachment: Screenshot_2015-11-30-07-10-05.png
